Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Use Cases involving Efficient Storage GuardPoints

Use Case 4: Full Device Protection

search

Please Note:

Use Case 4: Full Device Protection

As shown in the previous use cases, administrators can add access control policies at the file system or directory level, thus controlling normal user access to the protected files. This does not, however, block users with Administrator privileges on the Windows machine from opening protected disks or volumes directly using Windows Administration tools such as DiskPart.

By opening the disks or volumes directly, Windows Administrators can read and write the clear text data from the device, bypassing any access controls. In order to prevent this, the Administrator can include a process set in the policy associated with the device-level GuardPoint. The process set includes a white list of the processes that are allowed to run on the protected device. Any process not in the white list will be blocked by CTE.

Thales recommends adding at least the following system processes to your process set. These system processes are used to create snapshots and perform other standard disk management tasks. You can add other processes to your white list as required.

  • Windows\System32\ntoskrnl.exe

  • Windows\System32\svchost.exe

  • Windows\System32\vds.exe

  • Windows\System32\webm\WmiPrvSE.exe

For an additional layer of protection, you can create a signature set that contains the signature for each one of the processes that you want to add to your white list. If you include signature information in the process set, CTE uses that signature to verify the integrity of the process before it allows that process to access the protected data.

note

Note

Signature sets are host-specific, as the signature for a particular process may be different on different hosts. Therefore, if you add a signature set to a policy, you should only assign that policy to devices on the host associated with the signature set.

On this page